Vulnerability Description
A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shanxi Tianneng Technology | Noderp | < 6.0.2 |
Related Weaknesses (CWE)
References
- https://note.zhaoj.in/share/vWuVlU2eg79tBroken Link
- https://vuldb.com/?ctiid.252275Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.252275Third Party AdvisoryVDB Entry
- https://note.zhaoj.in/share/vWuVlU2eg79tBroken Link
- https://vuldb.com/?ctiid.252275Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.252275Third Party AdvisoryVDB Entry
FAQ
What is CVE-2024-1006?
CVE-2024-1006 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the compo...
How severe is CVE-2024-1006?
CVE-2024-1006 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1006?
Check the references section above for vendor advisories and patch information. Affected products include: Shanxi Tianneng Technology Noderp.